mkcert command is a tool for generating self-signed SSL/TLS certificates. This command is useful for developers who are working on local environments and need to generate SSL/TLS certificates for their applications without relying on third-party providers. This command generates certificates that are valid for local development and testing purposes only and are not trusted by any Certificate Authority.
mkcert command generates self-signed certificates that can be used for local development and testing purposes. The command generates both the certificate and private key files in the current directory. The generated certificate is valid for the local domain name and can be used for HTTPS connections in the local environment. The command can also generate a CA certificate that can be used to sign other certificates.
To generate a self-signed certificate, run the following command:
This will generate two files in the current directory:
example.com.pem: The self-signed certificate file.
example.com-key.pem: The private key file.
To generate a CA certificate, run the following command:
This will generate a CA certificate and install it in the system trust store. The generated CA certificate can be used to sign other certificates.
- Generating SSL/TLS certificates for local development and testing purposes.
- Generating CA certificates for signing other certificates.
mkcert command comes with the following options:
||Specifies the output file for the certificate.|
||Specifies the output file for the private key.|
||Generates an ECDSA certificate instead of RSA.|
||Generates a PKCS#12 file instead of separate certificate and key files.|
||Specifies the output file for the PKCS#12 file.|
||Generates a client certificate instead of a server certificate.|
||Generates a server certificate. This is the default.|
||Installs the CA certificate in the system trust store.|
- If you encounter permission errors, try running the command with
- If the generated certificate is not trusted by the browser, you may need to add the CA certificate to the browser’s trust store.
- The generated certificates are valid for local development and testing purposes only and should not be used in production environments.
- The generated CA certificate is not trusted by any Certificate Authority and should not be used for signing certificates in production environments.